Hello!
I’m going to run the sonatype/nexus3 image in Docker and I’d like to know if Nexus complies with the following secure communication requirements:
- TLS 1.2 or higher?
- With the following ciphers:
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384?
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256?
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384?
  - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256?
  - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384?
- Does Nexus have these or more ciphers?
I would also like to know if Nexus complies with the following security headers:
- HTTP::header insert "X-FRAME-OPTIONS" "SAMEORIGIN"?
- HTTP::header insert Strict-Transport-Security "max-age=31536000"?
- HTTP::header insert "Pragma" "no-cache"?
- HTTP::header insert "Expires" "0"?
- HTTP::header insert "Set-Cookie" "${set_cookie_header}; HttpOnly"?
- HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"?
- HTTP::header insert "X-Content-Type-Options" "nosniff"?
- HTTP::header insert "X-XSS-Protection" "1; mode=block"?
- HTTP::header insert "Content-Security-Policy"?
- HTTP::header insert "Referrer-Policy"?
- HTTP::header insert "Public-Key-Pins"?
Thanks
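
One way to check the header list above against a response, as an added example that is not part of the original post and is not Sonatype code. The names `audit`, `REQUIRED` and `SAMPLE` and the cookie name `SID` are assumptions made for the illustration, and `SAMPLE` is a constructed response, not output captured from Nexus.

```python
# Added example: audits response headers against the list in the post.
# SAMPLE is a constructed response, not output captured from Nexus.

def _max_age(value):
    """Return the max-age of an HSTS header value, or -1 if absent."""
    for part in value.split(";"):
        name, _, num = part.strip().partition("=")
        if name.lower() == "max-age" and num.strip('"').isdigit():
            return int(num.strip('"'))
    return -1

# Header name (lower-case) -> predicate on its value, taken from the post.
REQUIRED = {
    "x-frame-options": lambda v: v.upper() == "SAMEORIGIN",
    "strict-transport-security": lambda v: _max_age(v) >= 31536000,
    "pragma": lambda v: "no-cache" in v.lower(),
    "expires": lambda v: v == "0",
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-xss-protection": lambda v: v.replace(" ", "").lower() == "1;mode=block",
    "content-security-policy": lambda v: bool(v),   # presence only
    "referrer-policy": lambda v: bool(v),           # presence only
    "public-key-pins": lambda v: bool(v),           # presence only
}

def audit(headers):
    """headers: list of (name, value) pairs. Returns {item: status}."""
    seen, cookies = {}, []
    for name, value in headers:
        if name.lower() == "set-cookie":       # may occur several times
            cookies.append(value)
        else:
            seen.setdefault(name.lower(), value.strip())
    report = {}
    for key, check in REQUIRED.items():
        report[key] = ("missing" if key not in seen
                       else "ok" if check(seen[key]) else "mismatch")
    for cookie in cookies:
        cname = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("httponly", "secure"):
            report[f"cookie {cname} {flag}"] = "ok" if flag in attrs else "missing"
    return report

SAMPLE = [  # constructed sample response headers
    ("X-Frame-Options", "SAMEORIGIN"), ("X-Content-Type-Options", "nosniff"),
    ("Strict-Transport-Security", "max-age=600; includeSubDomains"),
    ("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
]
```

For a live check, the list returned by `http.client.HTTPResponse.getheaders()` can be passed to `audit` directly.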